node network, pod network, cluster network
virtual IP
userspace 模型:
iptable模型:
ipvs模型:
Service
工作模式:userspace, iptables, ipvs
userspace: 1.1-
iptables: 1.10-
ipvs: 1.11+
类型:
ExternalName, ClusterIP, NodePort, and LoadBalancer
资源记录:
SVC_NAME.NS_NAME.DOMAIN.LTD.
svc.cluster.local.
redis.default.svc.cluster.local.
master:
[root@master manifests]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20d
myapp NodePort 10.100.224.224 <none> 80:30308/TCP 14d
nginx ClusterIP 10.101.88.185 <none> 80/TCP 14d
redis ClusterIP 10.106.58.175 <none> 6379/TCP 4d
[root@master manifests]# kubectl delete svc redis
[root@master manifests]# kubectl delete svc nginx
[root@master manifests]# kubectl delete svc myapp
[root@master manifests]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20d
[root@master manifests]# kubectl explain svc
[root@master manifests]# kubectl explain svc.spec
[root@master manifests]# kubectl get pods
NAME READY STATUS RESTARTS AGE
client 0/1 Error 0 14d
filebeat-ds-dlqxm 1/1 Running 0 2d
filebeat-ds-shxhs 1/1 Running 0 2d
liveness-httpget-pod 1/1 Running 3 11d
myapp-deploy-69b47bc96d-9xq44 1/1 Running 1 5d
myapp-deploy-69b47bc96d-mxlpg 1/1 Running 1 5d
myapp-deploy-69b47bc96d-p9b98 1/1 Running 1 5d
myapp-deploy-69b47bc96d-v4sdf 1/1 Running 1 5d
myapp-deploy-69b47bc96d-vkksx 1/1 Running 1 5d
readiness-httpget-pod 1/1 Running 1 11d
redis-5b5d6fbbbd-9m5p5 1/1 Running 1 4d
[root@master manifests]# kubectl explain svc.spec.ports
[root@master manifests]# kubectl explain svc.spec.selector
[root@master manifests]# vim redis-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: default
spec:
selector:
app: redis
role: logstor
clusterIP: 10.97.97.97
type: ClusterIP
ports:
- port: 6379
targetPort: 6379
[root@master manifests]# kubectl apply -f redis-svc.yaml
[root@master manifests]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20d
redis ClusterIP 10.97.97.97 <none> 6379/TCP 13s
[root@master manifests]# kubectl describe svc redis
Name: redis
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":
"redis","namespace":"default"},"spec":{"clusterIP":"10.97.97.97","ports":[{"por...
Selector: app=redis,role=logstor
Type: ClusterIP
IP: 10.97.97.97
Port: <unset> 6379/TCP
TargetPort: 6379/TCP
Endpoints: 10.244.1.39:6379
Session Affinity: None
Events: <none>
[root@master manifests]# kubectl get pods
NAME READY STATUS RESTARTS AGE
client 0/1 Error 0 14d
filebeat-ds-dlqxm 1/1 Running 0 3d
filebeat-ds-shxhs 1/1 Running 0 3d
liveness-httpget-pod 1/1 Running 3 11d
myapp-deploy-69b47bc96d-9xq44 1/1 Running 1 5d
myapp-deploy-69b47bc96d-mxlpg 1/1 Running 1 5d
myapp-deploy-69b47bc96d-p9b98 1/1 Running 1 5d
myapp-deploy-69b47bc96d-v4sdf 1/1 Running 1 5d
myapp-deploy-69b47bc96d-vkksx 1/1 Running 1 5d
readiness-httpget-pod 1/1 Running 1 11d
redis-5b5d6fbbbd-9m5p5 1/1 Running 1 4d
[root@master manifests]# kubectl get pods --show-labels
NAME READY STATUS RESTARTS AGE LABELS
client 0/1 Error 0 14d run=client
filebeat-ds-dlqxm 1/1 Running 0 3d app=filebeat,controller-revision-hash=2004607620,pod-template-gener
ation=2,release=stable
filebeat-ds-shxhs 1/1 Running 0 3d app=filebeat,controller-revision-hash=2004607620,pod-template-gener
ation=2,release=stable
liveness-httpget-pod 1/1 Running 3 11d <none>
myapp-deploy-69b47bc96d-9xq44 1/1 Running 1 5d app=myapp,pod-template-hash=2560367528,release=canary
myapp-deploy-69b47bc96d-mxlpg 1/1 Running 1 5d app=myapp,pod-template-hash=2560367528,release=canary
myapp-deploy-69b47bc96d-p9b98 1/1 Running 1 5d app=myapp,pod-template-hash=2560367528,release=canary
myapp-deploy-69b47bc96d-v4sdf 1/1 Running 1 5d app=myapp,pod-template-hash=2560367528,release=canary
myapp-deploy-69b47bc96d-vkksx 1/1 Running 1 5d app=myapp,pod-template-hash=2560367528,release=canary
readiness-httpget-pod 1/1 Running 1 11d <none>
redis-5b5d6fbbbd-9m5p5 1/1 Running 1 4d app=redis,pod-template-hash=1618296668,role=logstor
[root@master manifests]# cp redis-svc.yaml myapp-svc.yaml
[root@master manifests]# vim myapp-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp
namespace: default
spec:
selector:
app: myapp
release: canary
clusterIP: 10.99.99.99 #可以不指定,动态分配
type: NodePort
ports:
- port: 80
targetPort: 80
nodePort: 30080 #可以不指定,动态分配,需要worker节点上没有使用的端口
[root@master manifests]# kubectl apply -f myapp-svc.yaml
[root@master manifests]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20d
myapp NodePort 10.99.99.99 <none> 80:30080/TCP 6s
redis ClusterIP 10.97.97.97 <none> 6379/TCP 11m
node04:
[root@node04 ~]# while true;do curl http://172.20.0.66:30080/hostname.html; sleep 1; done myapp-deploy-69b47bc96d-mxlpg myapp-deploy-69b47bc96d-p9b98 myapp-deploy-69b47bc96d-vkksx myapp-deploy-69b47bc96d-mxlpg [root@node04 ~]# while true;do curl http://172.20.0.66:30080/; sleep 1; done Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
master:
[root@master manifests]# kubectl explain svc.spec.externalName
[root@master manifests]# kubectl patch svc myapp -p '{"spec":{"sessionAffinity":"ClientIP"}}' #给myapp的svc打补丁添加sessionAffinity字段
[root@master manifests]# kubectl describe svc myapp
Name: myapp
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},
"name":"myapp","namespace":"default"},"spec":{"clusterIP":"10.99.99.99","ports":[{"nod...
Selector: app=myapp,release=canary
Type: NodePort
IP: 10.99.99.99
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 30080/TCP
Endpoints: 10.244.1.35:80,10.244.1.37:80,10.244.1.38:80 + 2 more...
Session Affinity: ClientIP
External Traffic Policy: Cluster
Events: <none>
node04:
[root@node04 ~]# while true;do curl http://172.20.0.67:30080/hostname.html; sleep 1; done myapp-deploy-69b47bc96d-v4sdf myapp-deploy-69b47bc96d-v4sdf myapp-deploy-69b47bc96d-v4sdf myapp-deploy-69b47bc96d-v4sdf
master:
[root@master manifests]# kubectl patch svc myapp -p '{"spec":{"sessionAffinity":"None"}}'
node04:
[root@node04 ~]# while true;do curl http://172.20.0.67:30080/hostname.html; sleep 1; done myapp-deploy-69b47bc96d-mxlpg myapp-deploy-69b47bc96d-v4sdf myapp-deploy-69b47bc96d-p9b98 myapp-deploy-69b47bc96d-mxlpg
master:
[root@master manifests]# cp myapp-svc.yaml myapp-svc.headless.yaml
[root@master manifests]# vim myapp-svc-headless.yaml #无头svc
apiVersion: v1
kind: Service
metadata:
name: myapp-svc
namespace: default
spec:
selector:
app: myapp
release: canary
clusterIP: ""
ports:
- port: 80
targetPort: 80
[root@master manifests]# kubectl apply -f myapp-svc-headless.yaml
service/myapp-svc created
[root@master manifests]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20d
myapp NodePort 10.99.99.99 <none> 80:30080/TCP 39m
myapp-svc ClusterIP 10.103.29.205 <none> 80/TCP 3s
redis ClusterIP 10.97.97.97 <none> 6379/TCP 50m
[root@master manifests]# kubectl delete svc myapp-svc
[root@master manifests]# vim myapp-svc-headless.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp-svc
namespace: default
spec:
selector:
app: myapp
release: canary
clusterIP: None
ports:
- port: 80
targetPort: 80
[root@master manifests]# kubectl apply -f myapp-svc.headless.yaml
[root@master manifests]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20d
myapp NodePort 10.99.99.99 <none> 80:30080/TCP 41m
myapp-svc ClusterIP None <none> 80/TCP 28s
redis ClusterIP 10.97.97.97 <none> 6379/TCP 52m
[root@master manifests]# kubectl delete svc myapp-svc
[root@master manifests]# vim myapp-svc-headless.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp-svc
namespace: default
spec:
selector:
app: myapp
release: canary
clusterIP: "None"
ports:
- port: 80
targetPort: 80
[root@master manifests]# kubectl apply -f myapp-svc-headless.yaml
[root@master manifests]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20d
myapp NodePort 10.99.99.99 <none> 80:30080/TCP 44m
myapp-svc ClusterIP None <none> 80/TCP 5s
redis ClusterIP 10.97.97.97 <none> 6379/TCP 56m
[root@master manifests]# dig -t A myapp-svc.default.svc.cluster.local. @10.96.0.10
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t A myapp-svc.default.svc.cluster.local. @10.96.0.10
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51865
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;myapp-svc.default.svc.cluster.local. IN A
;; ANSWER SECTION:
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.1.35
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.1.37
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.1.38
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.2.31
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.2.34
;; Query time: 489 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: 一 5月 18 20:34:47 CST 2020
;; MSG SIZE rcvd: 319
[root@master manifests]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 21d
myapp NodePort 10.99.99.99 <none> 80:30080/TCP 23h
myapp-svc ClusterIP None <none> 80/TCP 22h
redis ClusterIP 10.97.97.97 <none> 6379/TCP 23h
[root@master manifests]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 21d
[root@master manifests]# kubectl get pods -o wide -l app=myapp
NAME READY STATUS RESTARTS AGE IP NODE
myapp-deploy-69b47bc96d-9xq44 1/1 Running 1 6d 10.244.2.34 node02.smoke.com
myapp-deploy-69b47bc96d-mxlpg 1/1 Running 1 6d 10.244.1.37 node01.smoke.com
myapp-deploy-69b47bc96d-p9b98 1/1 Running 1 6d 10.244.2.31 node02.smoke.com
myapp-deploy-69b47bc96d-v4sdf 1/1 Running 1 6d 10.244.1.35 node01.smoke.com
myapp-deploy-69b47bc96d-vkksx 1/1 Running 1 6d 10.244.1.38 node01.smoke.com
[root@master manifests]# dig -t A myapp.default.svc.cluster.local. @10.96.0.10
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t A myapp.default.svc.cluster.local. @10.96.0.10
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32116
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;myapp.default.svc.cluster.local. IN A
;; ANSWER SECTION:
myapp.default.svc.cluster.local. 5 IN A 10.99.99.99
;; Query time: 47 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: 一 5月 18 20:37:19 CST 2020
;; MSG SIZE rcvd: 107
浙公网安备 33010602011771号